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This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 



Listing of Claims; 



1. (Currently Amended) A method for obtaining a service 
on a data communications network, the method comprising: 

enrolling with an authority, said enrolling creating 
enrollment results, said enrollment results comprising 
user data in a credential used for user authentication; 
and 

using said enrollment results to obtain a service 
from a service provider on said data communications 
network, said service provider capable of communicating 
directly with said authority to dynamically authenticate 
said enrollment results wherein said service provider is 
an entity that is different from an entity that is said 
authority. 
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2. (Currently Amended) A method for managing 
identification in a data communications network, the method 
comprising : 

generating a credential including authenticated user 
data, said generating comprising: 

presenting a request for authenticated user data 
and a first set of user data to an authority; and 

receiving said credential including said 
authenticated user data from said authority in 
response to said request; and 

using said credential including said authenticated 
user data to obtain at least one service on said data 
communications network, said using comprising: 

presenting a service request and said 
credential including said authenticated user 
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data to a service provider on said data 
communications network; and 

receiving said at least one service in 
response to said service request 4£ when said 
service provider determines said authenticated 
user data is sufficient to provide said at least 
one service wherein said service provider is 
capable of communicating directly with said 
authority to dynamically authenticate said 
authenticated user data and further wherein said 
service provider is an entity that is different 
from an entity that is said authority. 

3. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
the machine to perform a method for obtaining a service on a 
data communications network, the method comprising: 

enrolling with an authority, said enrolling creating 

enrollment results, said enrollment results comprising 

user data in a credential used for user authentication; 

and 

using said enrollment results to obtain a service 
from a service provider on said data communications 
network, said service provider capable of communicating 
directly with said authority to dynamically authenticate 
said enrollment results wherein said service provider is 
an entity that is different from an entity that is said 
authority. 
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4. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
the machine to perform a method for managing identification in 
a data communications network, the method comprising: 

generating a credential including authenticated user 
data, said generating comprising: 

presenting a request for authenticated user data 
and a first set of user data to an authority; and 

receiving said credential including said 
authenticated user data from said authority in 
response to said request; and 

using said credential including said authenticated 
user data to obtain at least one service on said data 
communications network, said using comprising: 

presenting a service request and said 
credential including said authenticated user 
data to a service provider on said data 
communications network; and 

receiving said at least one service in response 
to said service request i£when said service provider 
determines said authenticated user data is sufficient 
to provide said at least one service wherein said 
service provider is capable of communicating directly 
with said authority to dynamically authenticate said 
authenticated user data and further wherein said 
service provider is an entity that is different from 
an entity that is said authority. 
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5. (Currently Amended) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising : 

means for generating a credential including 
authenticated user data, said means of generating 
comprising : 
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means for presenting a request for authenticated 
user data and a first set of user data to an 
authority; and 

means for receiving said credential including 
said authenticated user data from said authority in 
response to said request; and 

means for using said credential including said 
authenticated user data to obtain at least one service on 
said data communications network, said means for using 
comprising : 

means for presenting a service request and 
said credential including said authenticated 
user data to a service provider on said data 
communications network; and 

means for receiving said at least one service in 
response to said service request iiwhen said service 
provider determines said authenticated user data is 
sufficient to provide said at least one service 
wherein said service provider is capable of 
communicating directly with said authority to 
dynamically authenticate said authenticated user data 
and further wherein said service provider is an 
entity that is different from an entity that is said 
authority. 



6. (Currently Amended) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising : 

means for receiving a user-controlled resource - 
constrained s e cur e storag e device; 

means for enrolling said user with an authority, said 
enrolling comprising providing information requested by 
said authority; 
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means for receiving a credential including user data, 
in response to said enrolling, wherein said credential is 
used for user authentication; 

means for storing said credential including said user 
data in said user-controlled resource -constrained s e cure 
storag e device; and 

means for using said credential including said user 
data at a service provider Web site to obtain a service 
wherein said service provider Web site is capable of 
communicating directly with said authority to dynamically 
authenticate said authenticated user data and further 
wherein said service provider Web site is an entity that 
is different from an entity that is said authority. 



7. (Cancelled) 



8. (Currently Amended) An apparatus for obtaining a 
service on a data communications network, the apparatus 
comprising: 

a service provider configured to accept a service 
request and a credential including enrollment results 
obtained from an enrollment authority, said service 
provider capable of communicating directly with said 
authority to dynamically authenticate said enrollment 
results, said service provider configured to provide said 
service based upon said enrollment results and a response 
from said enrollment authority, wherein said service 
provider is an entity that is different from an entity 
that is said authority. 



9. (Cancelled) 



10. (Cancelled) 
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